What is the difference between _url and _path while using the routes in rails

ruby-on-rails routes

When we define routes in routes.rb using the name like map.some_link.We can use the link in two ways- some_link_url, some_link_path.

What are the differences between the two?

Which is more secure to be used?

modulitos

I had the same question and I wrote a small post about this in my blog

The reason is summarized here (I found this on a forum):

*_path are for views because ahrefs are implicitly linked to the current URL. So it’d be a waste of bytes to repeat it over and over. In the controller, though, *_url is needed for redirect_to because the HTTP specification mandates that the Location: header in 3xx redirects is a complete URL.

Here is another explanation which says it depends on whether we need to use an absolute URI when linking to an SSL site from a non-SSL site, and vice versa.

What I have read so far, doesn't suggest that any of them is more secure than the other. It really comes down to what is the "proper" usage.

Thanks a lot. Found it useful. So in the controllers we use "_url" while in the views we can use "_path" though "_url" can still be used there as well.

You don't need to use *_url for controllers, path will work just as well. You should only use _url when displaying the route to outside sources.

To clarify some more: the _path output will work just as well for the Location header in a Redirect. The browser will interpret that as a relative-to-root redirect.

The quote in the answer is incorrect. _path works in controllers.

The URL to your blog post is 404'ing. Can you update the link?

ponzao

path is relative while url is absolute.

Rather succinct. I like succinct. ;) +1

Perfect. The usage of _url is required in controller(server-side) and _path are engouh in the view(browser-end).

Short, concise answer +1

Community

An example of the difference for a resource called "user":

users_url # => http://localhost:3000/users
users_path  # => /users

Ian Lotinsky

Same answer as Petros, except that modern browsers handle relative redirects just fine. (I'd comment on his answer, but I can't yet.)

Alok Swain

By secure if you mean not exposing all the data passed, then _path is better as it generates a relative url, something like '/login' but _path would give 'http://localhost:3000/login'. Please refer to this blog post i found sometime back regarding the same. When _url is better than _path

I'm afraid this is incorrect. Using _path for security reasons doesn't provide any security. This would be the same as saying that the IP address of a web server should be kept secret, when a simple DNS request reveals this information.

Likewise, with the example given above regarding hiding the host and port "localhost:3000" for security, is incorrect. Discovering this information is simple using a software network scanning tool, widely available.

Radhika

_url will give the entire path. As it contains the domain name and protocol, you can use it for eg. to send email or redirecting to another domain, etc.

_path will return the path which is after '/' without domain,protocol etc. So you can use it every now and then(I guess), where you don't require details of domain.

jbk

The _url helper generates a string containing the entire URL, while the _path helper generates a string containing the relative path from the root of the application, e.g.:

photos_url  # => "http://www.example.com/photos"
photos_path # => "/photos"

As per Rails Guides - Routing.

What is the difference between _url and _path while using the routes in rails

Follow WeChat

Want to stay one step ahead of the latest teleworks?

相似问题

Platform

Support

Links

Contact US